njrat | 84c97c760d516c1b896720cd0fe458f65f82ca8c81e80a1d308fcd219074580e | Triage

Sharing

General

Target

84c97c760d516c1b896720cd0fe458f65f82ca8c81e80a1d308fcd219074580e
Size

49KB
Sample

221120-j59hasdh23
MD5

33540739307261dc75989e9b773a0670
SHA1

cb89b53dccfa495ca1444f88a2808bb759e5f504
SHA256

84c97c760d516c1b896720cd0fe458f65f82ca8c81e80a1d308fcd219074580e
SHA512

ebe8ca2c366e65fd0dfd93eaebb5fb15aa34ee1df550c1c7c393e3ae6f8c42a0f58afb1927ca9d466c63eff76867d4edd2fcbecd529218df89691894b90cf6fa
SSDEEP

768:MWSLRiLZ5gC6s2x8nG5ZrjXz6+ZR+12+oIFig193sucro+I+xCAxo7qUC2hQ3jXj:3ZX+fJIMBP7EAxoPyY

Score

10^/10

njrat hacked by nasro-madridi microsoft persistence phishing trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed By Nasro-Madridi

C2

bojnas.no-ip.biz:1996

Mutex

bcb3c36b592faa2f26afcc4f64d98430

Attributes

reg_key
bcb3c36b592faa2f26afcc4f64d98430
splitter
|'|'|

Targets

- Target
  
  84c97c760d516c1b896720cd0fe458f65f82ca8c81e80a1d308fcd219074580e
- Size
  
  49KB
- MD5
  
  33540739307261dc75989e9b773a0670
- SHA1
  
  cb89b53dccfa495ca1444f88a2808bb759e5f504
- SHA256
  
  84c97c760d516c1b896720cd0fe458f65f82ca8c81e80a1d308fcd219074580e
- SHA512
  
  ebe8ca2c366e65fd0dfd93eaebb5fb15aa34ee1df550c1c7c393e3ae6f8c42a0f58afb1927ca9d466c63eff76867d4edd2fcbecd529218df89691894b90cf6fa
- SSDEEP
  
  768:MWSLRiLZ5gC6s2x8nG5ZrjXz6+ZR+12+oIFig193sucro+I+xCAxo7qUC2hQ3jXj:3ZX+fJIMBP7EAxoPyY
Score

10^/10

njrat hacked by nasro-madridi trojan microsoft persistence phishing
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by nasro-madriditrojan

behavioral2

njrathacked by nasro-madridimicrosoftpersistencephishingtrojan